General

  • Target

    CS2-Skinchanger.rar

  • Size

    18.7MB

  • Sample

    231010-qkaa2aff72

  • MD5

    98a2a3c85982406b801ba0e884d9aa59

  • SHA1

    d30a8c1763f89ccc23d114934276dcb2e993cc1a

  • SHA256

    31f10989295fcc28da734b4a4b7bdb47aa8c10e90d031528cf0cea2197ee3028

  • SHA512

    09bdda54c24169a07bf3e5f23acf40ff220ce85815da0ba876302088eb12bfcda84b1cccafcba62868d2c8e4b9a2f243c81a5d149690f0345f5f3ad2d91196bb

  • SSDEEP

    393216:zVcHkD0n0ubiwdceiH1jJNAeXxjqpI8iGrCz/T/V68LFPQ9HODz4E6uhLkd:GHZ0uiwziVVNF9Lku/TDzauhId

Targets

    • Target

      CS2-Skinchanger.exe

    • Size

      18.9MB

    • MD5

      ad847046e15c6690d1ef8f0550b1ff2d

    • SHA1

      d6c27da703290fe77b14769bbd3f8182f7906cb7

    • SHA256

      ce99aac658ac76a7621f749846381da5d5da53a9109c6d06396ee920e945ea8a

    • SHA512

      c4a868d5c20277d53d48c485ab4ac3d68b819079a73ee6739c906f996fee032d96a5fac80e0091246642ed90e72c2bb4560417014be84055d3108a1588f6e0d7

    • SSDEEP

      393216:JSd9QDx60EW+7/pWYkRv3Bd1eZW3WpReO5uHw:JqQNPEW+7/pWZ0D4xQ

    Score: 7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which holds saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
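A triage helper for the "UPX packed file" signature and the hash set listed above, added here as an example and not part of the sandbox report or its tooling: it walks the PE section table for stock UPX section names and computes the MD5/SHA1/SHA256/SHA512 digests used for matching against the report's IOCs. The PE bytes come from a constructed minimal image built by `build_pe()`; the real sample is not embedded.

```python
"""Added triage helper, not part of the sandbox report: parse a PE's
section table to flag UPX-style section names (the basis of the "UPX
packed file" signature) and compute the hash set the report lists.
The PE bytes are constructed here with build_pe(); the real sample is
not embedded."""
import hashlib
import struct

# Section names written by stock UPX; repacked/modified builds may rename them,
# so this is a quick heuristic, not a substitute for an unpacker.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return section names from a PE32/PE32+ image; ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, size_opt = struct.unpack_from("<2xH12xH2x", data, coff)
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        off = table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries a UPX name or the 'UPX!' marker string is present."""
    names = {n.encode() for n in pe_section_names(data)}
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in data


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 digests, the set the report lists per target."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def build_pe(section_names, opt_header_size: int = 0) -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header, optional header, section table."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_header_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_header_size + sections


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(pe_section_names(packed), looks_upx_packed(packed))
    print(file_hashes(packed)["sha256"])
```

Run it against a real file with `looks_upx_packed(open(path, "rb").read())`; a negative result only means the stock section names are absent, since modified UPX builds and other packers rename sections, which is why the report's signature also covers "modified UPX".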

    • Target

      night-cheat.url

    • Size

      117B

    • MD5

      a2781ccbe8792bc98b7258ccc007090d

    • SHA1

      86a4d3751a2a9e1f79922c5e3784a6ad401ff51f

    • SHA256

      aaf4e0ca82bb3f28282be419d9c7e9272aa34e6f260f2b8a51491f93d4084808

    • SHA512

      7a171d46e5a202f9dfcac2e470143c91ad1543c924e45a05a39940684f0b7ff648eb20e0b2626bea300f842c688e7305838cf613b6ab19757d743cc3bef94772

    Score: 6/10
    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2
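A detection example for the "Reads user/profile data of web browsers" signature raised on CS2-Skinchanger.exe above, added here and not taken from the sandbox report: it scans file-access events for non-browser processes touching Chromium and Firefox credential stores. The event lines, the process names and the profile directory are constructed for illustration; the path patterns are the standard locations of those stores under the user's AppData.

```python
"""Added detection example, not part of the sandbox report: flag
non-browser processes that read browser credential/profile stores,
the behaviour behind the "Reads user/profile data of web browsers"
signature. SAMPLE_EVENTS is constructed, not taken from the sample run."""
import re
from collections import defaultdict

# Stores under %LOCALAPPDATA% / %APPDATA% that hold saved logins, cookies and the DPAPI-wrapped key.
CHROMIUM = r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data"
BROWSER_STORE_PATTERNS = [
    ("chromium_logins",  re.compile(CHROMIUM + r"\\[^\\]+\\Login Data$", re.I)),
    ("chromium_cookies", re.compile(CHROMIUM + r"\\[^\\]+\\(Network\\)?Cookies$", re.I)),
    ("chromium_key",     re.compile(CHROMIUM + r"\\Local State$", re.I)),
    ("firefox_logins",   re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I)),
]
# The browsers themselves legitimately read their own profiles; everything else is suspect.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

# Constructed events in "pid|process|path" form, modelled on a file-access log (hypothetical data).
SAMPLE_EVENTS = """\
4120|chrome.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
5532|CS2-Skinchanger.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
5532|CS2-Skinchanger.exe|C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Local State
5532|CS2-Skinchanger.exe|C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k3x9q.default-release\\logins.json
5532|CS2-Skinchanger.exe|C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\k3x9q.default-release\\key4.db
5532|CS2-Skinchanger.exe|C:\\Users\\alice\\Documents\\notes.txt
"""


def classify(path: str):
    """Return the store label for a path, or None if it is not a known browser store."""
    for label, pattern in BROWSER_STORE_PATTERNS:
        if pattern.search(path):
            return label
    return None


def find_browser_data_readers(events: str, min_stores: int = 1) -> dict:
    """Map (pid, process) -> sorted store labels for non-browser processes touching credential stores.

    min_stores lets you require several distinct stores before alerting, which cuts
    noise from backup agents or indexers that happen to touch a single file.
    """
    hits = defaultdict(set)
    for line in events.splitlines():
        if not line.strip():
            continue
        pid, proc, path = line.split("|", 2)
        if proc.lower() in BROWSER_PROCESSES:
            continue
        label = classify(path)
        if label:
            hits[(int(pid), proc)].add(label)
    return {key: sorted(labels) for key, labels in hits.items() if len(labels) >= min_stores}


if __name__ == "__main__":
    for (pid, proc), stores in find_browser_data_readers(SAMPLE_EVENTS).items():
        print(f"{proc} (pid {pid}) read browser stores: {', '.join(stores)}")
```

Reading `Login Data` together with `Local State` is the characteristic pair for Chromium credential theft, since the stored passwords are encrypted with the key held in `Local State`; raising `min_stores` to 2 keys the alert on that combination rather than on any single file touch.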

MITRE ATT&CK Enterprise v15
